Fandom

Malware Wiki

Loz

1,327pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Loz or Loz are memory resident encrypted parasitic viruses that run on MS-DOS. Some of them use the polymorphic technology.

Payload Edit

They hook INT 21h and write themselves to the end of COM and EXE files that are accessed (the earlier versions infect COM files only). These viruses alter the first 4 bytes of COM files (JMP Loc_Virus, DB '+'). While creating a resident copy they decrease the value of system memory (the word at 0000:0413).

Virus.DOS.Loz.1018 & 1023Edit

"Loz.1018,1023" viruses modify system information in boot sectors of floppies (set to zero the word corresponding to the number of disk drive heads). When the AIDSTEST.EXE (soviet antiviral program) is run the viruses display: "Welcom to demo version (C) Zherkov", (thereafter in Russian) "Lozinsky - STUPID, AIDSTEST-RUBBISH" (D.Lozinsky - author of a popular Russian anti-virus program). The "Loz.1018" virus deletes the AIDSTEST.EXE program. The "Loz.1882,1915" viruses delete the AIDSTEST.EXE file as it is run and display the following message (in Russian):

+-----------------------+
ƒ"INVARIATRON" JV       ƒ
ƒAntiscientific centre  ƒ
ƒVersion 5 of 11.12.90  ƒ
ƒLozinsky - STUPID      ƒ
ƒMoscow, tel. 03        ƒ
+-----------------------+
The full explanation see in the next AIDSREAD.ME.

Virus.DOS.Loz.2968Edit

"Loz.2968" sometimes displays the following picture:

________ ___      ___          ___                   ___
ƒƒƒ  ƒƒƒ ƒƒƒ ____ ƒƒƒ _________ƒƒƒ___________________ƒƒƒ__
ƒƒƒ  ƒƒƒ ___ _____ƒƒƒ ________ ƒƒƒ ________ ________ ƒƒƒ
ƒƒƒ__ƒƒƒ ƒƒƒ ƒƒƒ  ƒƒƒ ƒƒƒ   ƒƒƒ ƒƒƒ  ƒƒƒ ƒƒƒ   ƒƒƒ
ƒƒƒ  ƒƒƒ ƒƒƒ ƒƒƒ  ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ__ƒƒƒ ƒƒƒ ƒƒƒ
ƒƒƒ  ƒƒƒ ƒƒƒ ƒƒƒ  ƒƒƒ ƒƒƒ  ƒƒƒ ƒƒƒ ƒƒƒ  ___ ƒƒƒ  ƒƒƒ ƒƒƒ
ƒƒƒ  ƒƒƒ ƒƒƒ ƒƒƒ__ƒƒƒ ƒƒƒ__ƒƒƒ ƒƒƒ ƒƒƒ__ƒƒƒ ƒƒƒ__ƒƒƒ ƒƒƒ
ƒƒƒ ƒƒ
ƒƒƒ ƒƒƒƒƒƒ ƒƒƒƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ   ƒƒƒ ƒƒƒ ƒƒ  ƒƒƒƒƒƒ
ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ ƒ ƒƒƒ ƒƒƒƒƒƒ ƒƒƒ_ƒƒƒ
ƒƒƒ ƒƒƒ_ƒƒƒ ƒƒƒ_ƒƒƒ ƒƒƒ_ƒƒƒ ƒƒƒ_ƒƒƒ ƒƒƒ_ƒ_ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ ƒƒƒ
___________ ƒƒƒ ________________ƒƒƒ _________________________

Virus.DOS.Loz.2435Edit

"Loz.2435" detects the virtual mode which is used by debuggers on 80x86 computers and disables debugging.

Virus.DOS.Loz.724Edit

Loz.724 is a memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files (except COMMAND.COM) that are executed. The virus creates a counter in the MBR of the hard drive and increases it on installing into the system memory. On 100th installing the virus hooks INT 9, then it depending on pressed keys writes some data to a hard drive port. The virus contains the text string:

by ShADow Al

MediaEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.